Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method for real-time data protection, comprising: in an access gateway comprising at least one computer processor: receiving a user login comprising a user identifier; retrieving, using an in-memory entitlements graph, a role definition for the user identifier, wherein the role definition comprises allowed actions, entitled assets, and a system account; receiving a selection of a requested asset from the entitled assets and a requested action from the allowed actions; verifying the user's entitlement to access the requested asset and perform the requested action with the system account using the in-memory entitlement graph based on the user identifier, the system account, the requested asset, and the requested action, wherein the in-memory entitlement graph validates organizational changes and incident management controls; and authorizing the user's entitlement to access the requested asset and perform the requested action with the system account substantially at a time of requested access.
This invention relates to real-time data protection systems, specifically for managing user access and entitlements in a secure manner. The system addresses the challenge of ensuring authorized access to digital assets while maintaining security and compliance, particularly in dynamic environments where organizational changes or incident management may affect access permissions. The method operates within an access gateway that includes at least one computer processor. Upon receiving a user login with a user identifier, the system retrieves a role definition for that user from an in-memory entitlements graph. The role definition specifies the user's allowed actions, entitled assets, and associated system account. When a user selects a specific asset and action, the system verifies their entitlement in real-time by cross-referencing the user identifier, system account, requested asset, and requested action against the in-memory entitlement graph. This graph dynamically validates organizational changes and incident management controls to ensure up-to-date access permissions. The system then authorizes the requested access and action with the system account at the exact time of the request, providing immediate and secure access control. The in-memory entitlement graph ensures low-latency decision-making while maintaining compliance with security policies.
2. The method of claim 1 , further comprising: performing a step-up validation against a regulation, policy, or law.
A system and method for regulatory compliance validation in data processing environments. The invention addresses the challenge of ensuring that data processing operations adhere to applicable regulations, policies, or laws, which is critical for industries such as finance, healthcare, and government where non-compliance can result in legal penalties or operational disruptions. The method involves validating data processing operations against predefined regulatory requirements. This includes analyzing the operations to determine whether they meet specified criteria, such as data retention periods, access controls, or reporting obligations. The validation process may involve automated checks, manual reviews, or a combination of both, depending on the complexity of the regulations. In addition to basic validation, the method includes a step-up validation process. This involves performing a more rigorous assessment of the data processing operations to ensure compliance with higher-level regulations, policies, or laws. The step-up validation may include additional checks, such as verifying the integrity of data processing logs, conducting audits, or consulting with legal experts. This ensures that the operations not only meet minimum compliance standards but also align with best practices and industry standards. The method may be applied to various data processing operations, including data storage, transmission, and analysis. It can be integrated into existing compliance management systems or deployed as a standalone solution. The invention provides a systematic approach to regulatory compliance, reducing the risk of non-compliance and improving operational efficiency.
3. The method of claim 1 , wherein the in-memory entitlements graph is based on linking common information from human resources data, entitlement data, and policy data.
4. The method of claim 1 , further comprising: establishing a session with the requested resource; and logging user actions during the session.
5. The method of claim 1 , wherein the user identifier comprises a UserId.
6. The method of claim 1 , wherein the access gateway authenticates the user.
A system and method for secure network access control involves an access gateway that authenticates users before granting network access. The access gateway verifies user credentials, such as passwords, biometric data, or multi-factor authentication tokens, to ensure only authorized users can connect to the network. This authentication process may include validating user identities against a centralized directory or database, enforcing password policies, or integrating with third-party identity providers. The gateway may also implement additional security measures, such as session timeouts, IP restrictions, or device fingerprinting, to further protect network resources. By authenticating users before allowing access, the system prevents unauthorized individuals from entering the network, reducing the risk of data breaches and cyberattacks. The method ensures that only verified users can interact with network services, enhancing overall security and compliance with regulatory requirements. The access gateway may also log authentication attempts and maintain audit trails for monitoring and forensic purposes. This approach is particularly useful in enterprise environments where secure access control is critical for protecting sensitive data and maintaining operational integrity.
7. The method of claim 1 , wherein the asset comprises a database instance or an application instance.
8. The method of claim 1 , wherein the asset comprises a business flow or a data object.
This invention relates to systems and methods for managing and processing assets within a business or data environment. The core technology addresses the challenge of efficiently handling diverse types of assets, such as business flows or data objects, to improve operational efficiency, data integrity, or workflow automation. The method involves identifying and categorizing assets, which may include structured or unstructured data objects, business processes, or workflows. These assets are then processed according to predefined rules or algorithms to optimize their handling. For business flows, this may involve automating steps, validating inputs, or ensuring compliance with business logic. For data objects, the method may include parsing, transforming, or validating the data to ensure consistency and accuracy. The system dynamically adapts to different asset types, applying appropriate processing techniques based on their characteristics. This ensures that business flows are executed smoothly and data objects are correctly interpreted and utilized. The method may also integrate with existing enterprise systems to enhance interoperability and streamline operations. By providing a flexible and adaptive approach to asset management, the invention improves efficiency, reduces errors, and supports scalable automation in business and data processing environments.
9. The method of claim 1 , wherein the user's entitlement to access the requested asset and perform the requested action with the system account substantially at the time of requested access is authorized with the in-memory entitlement graph.
10. The method of claim 1 , further comprising: updating the in-memory entitlement graph.
11. A system for real-time data protection, comprising: an access gateway comprising at least one computer processor and executing a gateway computer program; a user access device; a plurality of assets; and an in-memory entitlement graph; wherein: the gateway computer program receives a user login comprising a user identifier from the user access device; the gateway computer program retrieves a role definition for the user identifier from the in-memory entitlement graph, wherein the role definition comprises allowed actions, entitled assets, and a system account; the gateway computer program receives a selection of a requested asset from the entitled assets and a requested action from the allowed actions from the user access device; the gateway computer program verifies the user's entitlement with the in-memory entitlement graph based on the user identifier, the system account, the requested asset, and the requested action, wherein the in-memory entitlement graph validates organizational changes and incident management controls; and the gateway computer program authorizes the user's entitlement to access the requested asset and perform the requested action with the system account substantially at a time of requested access.
12. The system of claim 11 , wherein the gateway computer program performs a step-up validation against a regulation, policy, or law.
13. The system of claim 11 , wherein the in-memory entitlements graph is based on linking common information from human resources data, entitlement data, and policy data.
This invention relates to an in-memory entitlements graph system designed to streamline access control management by integrating and correlating data from multiple sources. The system addresses the challenge of fragmented entitlement data, which often leads to inefficiencies in access governance, compliance risks, and operational overhead. By consolidating human resources data, entitlement data, and policy data into a unified in-memory graph structure, the system enables real-time analysis and decision-making regarding user access rights. The in-memory entitlements graph dynamically links and processes information from these disparate sources to provide a comprehensive view of entitlements across an organization. Human resources data includes employee roles, departments, and organizational hierarchies, while entitlement data encompasses permissions, access rights, and system privileges. Policy data defines compliance rules, regulatory requirements, and internal governance policies. By integrating these datasets, the system ensures that access decisions are based on up-to-date, context-aware information, reducing the risk of unauthorized access or policy violations. The graph structure allows for efficient traversal and querying, enabling rapid identification of access patterns, conflicts, and compliance gaps. This approach enhances security, simplifies auditing, and improves the overall efficiency of identity and access management (IAM) processes. The system is particularly useful in large enterprises where managing entitlements across multiple systems and departments is complex and time-consuming.
14. The system of claim 11 , wherein the access gateway establishes a session with the requested resource and logs user actions during the session.
15. The system of claim 11 , wherein the user identifier comprises a UserId.
16. The system of claim 11 , wherein the access gateway authenticates the user.
17. The system of claim 11 , wherein the asset comprises a database instance or an application instance.
18. The system of claim 11 , wherein the asset comprises a business flow or a data object.
This invention relates to a system for managing and processing assets within a digital environment, particularly focusing on business flows or data objects. The system is designed to address challenges in tracking, analyzing, and optimizing the movement and transformation of assets across different stages of a workflow or data pipeline. Business flows refer to sequences of interconnected processes or transactions that define how work is executed within an organization, while data objects represent structured or unstructured data entities that are processed, stored, or transmitted. The system includes a monitoring module that captures real-time data about the asset's state, interactions, and dependencies. This module tracks metrics such as processing time, error rates, and resource utilization to ensure efficient operation. An analysis module evaluates the collected data to identify bottlenecks, inefficiencies, or compliance issues. It applies machine learning or rule-based techniques to generate insights and recommendations for improvement. The system also features an orchestration module that automates the execution of tasks based on predefined rules or dynamic conditions. It ensures that assets are routed correctly, transformed as needed, and integrated with other systems. Additionally, a visualization module provides dashboards and reports to stakeholders, enabling them to monitor performance and make data-driven decisions. For business flows, the system optimizes process automation and compliance, while for data objects, it enhances data integrity and processing efficiency. The invention improves operational transparency, reduces manual intervention, and supports scalable asset management in complex environments.
19. The system of claim 11 , wherein the user's entitlement to access the requested asset and perform the requested action with the system account substantially at the time of requested access is authorized with the in-memory entitlement graph.
20. The system of claim 11 , wherein the in-memory entitlement graph is updated.
Unknown
March 16, 2021
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.